1 /* 2 * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. Oracle designates this 8 * particular file as subject to the "Classpath" exception as provided 9 * by Oracle in the LICENSE file that accompanied this code. 10 * 11 * This code is distributed in the hope that it will be useful, but WITHOUT 12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 14 * version 2 for more details (a copy is included in the LICENSE file that 15 * accompanied this code). 16 * 17 * You should have received a copy of the GNU General Public License version 18 * 2 along with this work; if not, write to the Free Software Foundation, 19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 20 * 21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 22 * or visit www.oracle.com if you need additional information or have any 23 * questions. 24 */ 25 26 package java.security.cert; 27 28 import java.util.Arrays; 29 30 import java.security.Provider; 31 import java.security.PublicKey; 32 import java.security.NoSuchAlgorithmException; 33 import java.security.NoSuchProviderException; 34 import java.security.InvalidKeyException; 35 import java.security.SignatureException; 36 37 import sun.security.x509.X509CertImpl; 38 39 /** 40 * <p>Abstract class for managing a variety of identity certificates. 41 * An identity certificate is a binding of a principal to a public key which 42 * is vouched for by another principal. (A principal represents 43 * an entity such as an individual user, a group, or a corporation.) 44 *<p> 45 * This class is an abstraction for certificates that have different 46 * formats but important common uses. For example, different types of 47 * certificates, such as X.509 and PGP, share general certificate 48 * functionality (like encoding and verifying) and 49 * some types of information (like a public key). 50 * <p> 51 * X.509, PGP, and SDSI certificates can all be implemented by 52 * subclassing the Certificate class, even though they contain different 53 * sets of information, and they store and retrieve the information in 54 * different ways. 55 * 56 * @see X509Certificate 57 * @see CertificateFactory 58 * 59 * @author Hemma Prafullchandra 60 */ 61 62 public abstract class Certificate implements java.io.Serializable { 63 64 private static final long serialVersionUID = -3585440601605666277L; 65 66 // the certificate type 67 private final String type; 68 69 /** 70 * Creates a certificate of the specified type. 71 * 72 * @param type the standard name of the certificate type. 73 * See the CertificateFactory section in the <a href= 74 * "{@docRoot}/../technotes/guides/security/StandardNames.html#CertificateFactory"> 75 * Java Cryptography Architecture Standard Algorithm Name Documentation</a> 76 * for information about standard certificate types. 77 */ 78 protected Certificate(String type) { 79 this.type = type; 80 } 81 82 /** 83 * Returns the type of this certificate. 84 * 85 * @return the type of this certificate. 86 */ 87 public final String getType() { 88 return this.type; 89 } 90 91 /** 92 * Compares this certificate for equality with the specified 93 * object. If the {@code other} object is an 94 * {@code instanceof} {@code Certificate}, then 95 * its encoded form is retrieved and compared with the 96 * encoded form of this certificate. 97 * 98 * @param other the object to test for equality with this certificate. 99 * @return true iff the encoded forms of the two certificates 100 * match, false otherwise. 101 */ 102 public boolean equals(Object other) { 103 if (this == other) { 104 return true; 105 } 106 if (!(other instanceof Certificate)) { 107 return false; 108 } 109 try { 110 byte[] thisCert = X509CertImpl.getEncodedInternal(this); 111 byte[] otherCert = X509CertImpl.getEncodedInternal((Certificate)other); 112 113 return Arrays.equals(thisCert, otherCert); 114 } catch (CertificateException e) { 115 return false; 116 } 117 } 118 119 /** 120 * Returns a hashcode value for this certificate from its 121 * encoded form. 122 * 123 * @return the hashcode value. 124 */ 125 public int hashCode() { 126 int retval = 0; 127 try { 128 byte[] certData = X509CertImpl.getEncodedInternal(this); 129 for (int i = 1; i < certData.length; i++) { 130 retval += certData[i] * i; 131 } 132 return retval; 133 } catch (CertificateException e) { 134 return retval; 135 } 136 } 137 138 /** 139 * Returns the encoded form of this certificate. It is 140 * assumed that each certificate type would have only a single 141 * form of encoding; for example, X.509 certificates would 142 * be encoded as ASN.1 DER. 143 * 144 * @return the encoded form of this certificate 145 * 146 * @exception CertificateEncodingException if an encoding error occurs. 147 */ 148 public abstract byte[] getEncoded() 149 throws CertificateEncodingException; 150 151 /** 152 * Verifies that this certificate was signed using the 153 * private key that corresponds to the specified public key. 154 * 155 * @param key the PublicKey used to carry out the verification. 156 * 157 * @exception NoSuchAlgorithmException on unsupported signature 158 * algorithms. 159 * @exception InvalidKeyException on incorrect key. 160 * @exception NoSuchProviderException if there's no default provider. 161 * @exception SignatureException on signature errors. 162 * @exception CertificateException on encoding errors. 163 */ 164 public abstract void verify(PublicKey key) 165 throws CertificateException, NoSuchAlgorithmException, 166 InvalidKeyException, NoSuchProviderException, 167 SignatureException; 168 169 /** 170 * Verifies that this certificate was signed using the 171 * private key that corresponds to the specified public key. 172 * This method uses the signature verification engine 173 * supplied by the specified provider. 174 * 175 * @param key the PublicKey used to carry out the verification. 176 * @param sigProvider the name of the signature provider. 177 * 178 * @exception NoSuchAlgorithmException on unsupported signature 179 * algorithms. 180 * @exception InvalidKeyException on incorrect key. 181 * @exception NoSuchProviderException on incorrect provider. 182 * @exception SignatureException on signature errors. 183 * @exception CertificateException on encoding errors. 184 */ 185 public abstract void verify(PublicKey key, String sigProvider) 186 throws CertificateException, NoSuchAlgorithmException, 187 InvalidKeyException, NoSuchProviderException, 188 SignatureException; 189 190 /** 191 * Verifies that this certificate was signed using the 192 * private key that corresponds to the specified public key. 193 * This method uses the signature verification engine 194 * supplied by the specified provider. Note that the specified 195 * Provider object does not have to be registered in the provider list. 196 * 197 * <p> This method was added to version 1.8 of the Java Platform 198 * Standard Edition. In order to maintain backwards compatibility with 199 * existing service providers, this method cannot be {@code abstract} 200 * and by default throws an {@code UnsupportedOperationException}. 201 * 202 * @param key the PublicKey used to carry out the verification. 203 * @param sigProvider the signature provider. 204 * 205 * @exception NoSuchAlgorithmException on unsupported signature 206 * algorithms. 207 * @exception InvalidKeyException on incorrect key. 208 * @exception SignatureException on signature errors. 209 * @exception CertificateException on encoding errors. 210 * @exception UnsupportedOperationException if the method is not supported 211 * @since 1.8 212 */ 213 public void verify(PublicKey key, Provider sigProvider) 214 throws CertificateException, NoSuchAlgorithmException, 215 InvalidKeyException, SignatureException { 216 throw new UnsupportedOperationException(); 217 } 218 219 /** 220 * Returns a string representation of this certificate. 221 * 222 * @return a string representation of this certificate. 223 */ 224 public abstract String toString(); 225 226 /** 227 * Gets the public key from this certificate. 228 * 229 * @return the public key. 230 */ 231 public abstract PublicKey getPublicKey(); 232 233 /** 234 * Alternate Certificate class for serialization. 235 * @since 1.3 236 */ 237 protected static class CertificateRep implements java.io.Serializable { 238 239 private static final long serialVersionUID = -8563758940495660020L; 240 241 private String type; 242 private byte[] data; 243 244 /** 245 * Construct the alternate Certificate class with the Certificate 246 * type and Certificate encoding bytes. 247 * 248 * <p> 249 * 250 * @param type the standard name of the Certificate type. <p> 251 * 252 * @param data the Certificate data. 253 */ 254 protected CertificateRep(String type, byte[] data) { 255 this.type = type; 256 this.data = data; 257 } 258 259 /** 260 * Resolve the Certificate Object. 261 * 262 * <p> 263 * 264 * @return the resolved Certificate Object 265 * 266 * @throws java.io.ObjectStreamException if the Certificate 267 * could not be resolved 268 */ 269 protected Object readResolve() throws java.io.ObjectStreamException { 270 try { 271 CertificateFactory cf = CertificateFactory.getInstance(type); 272 return cf.generateCertificate 273 (new java.io.ByteArrayInputStream(data)); 274 } catch (CertificateException e) { 275 throw new java.io.NotSerializableException 276 ("java.security.cert.Certificate: " + 277 type + 278 ": " + 279 e.getMessage()); 280 } 281 } 282 } 283 284 /** 285 * Replace the Certificate to be serialized. 286 * 287 * @return the alternate Certificate object to be serialized 288 * 289 * @throws java.io.ObjectStreamException if a new object representing 290 * this Certificate could not be created 291 * @since 1.3 292 */ 293 protected Object writeReplace() throws java.io.ObjectStreamException { 294 try { 295 return new CertificateRep(type, getEncoded()); 296 } catch (CertificateException e) { 297 throw new java.io.NotSerializableException 298 ("java.security.cert.Certificate: " + 299 type + 300 ": " + 301 e.getMessage()); 302 } 303 } 304 }